First, They will get a network sniffing tool. I am extremely proud that MS recently released the shiny new NETMON 3, which can be downloaded for FREE here https://connect.microsoft.com/availableconnections.aspx, and the team maintains a very nice blog here http://blogs.technet.com/netmon/default.aspx that explains in great detail how to capture and filter network traffic, and even how to automate all of this.
After studying all this, the first thing I believe They will try is to sniff HTTP traffic by applying the proper filter
and to look for juicy information, like passwords or business-critical information, in the frames They've captured.
How to get protected?
Avoid sending sensitive information over the wire. For example, when connecting to SQL Server:
Apply network protection mechanisms:
- How To: Call a Web Service Using Client Certificates from ASP.NET
- How To: Call a Web Service Using SSL
- How To: Set Up SSL on a Web Server
- How To: Set Up Client Certificates
- How To: Use IPSec for Filtering Ports and Authentication
- How To: Use IPSec to Provide Secure Communication Between Two Servers
- How To: Use SSL to Secure Communication with SQL Server 2000
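
Both recommendations above (keep credentials off the wire when connecting to SQL Server, and protect the channel) can be checked in an application's configuration. The following is an added example, not part of the original post: it audits the connection strings of a constructed web.config, and the finding names, server names and credentials in it are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; servers, logins and passwords are made up.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="Orders" connectionString="Server=db01;Database=Orders;User ID=app;Password=Secret1" />
    <add name="Billing" connectionString="Server=db01;Database=Billing;User ID=app;Pwd=Secret1;Encrypt=True" />
    <add name="Reports" connectionString="Data Source=db02;Initial Catalog=Reports;Integrated Security=SSPI;Encrypt=True" />
    <add name="Legacy" connectionString="Server=db03;Database=Old;Trusted_Connection=yes" />
  </connectionStrings>
</configuration>"""

INTEGRATED_ON = {"true", "yes", "sspi"}            # Windows authentication
ENCRYPT_ON = {"true", "yes", "mandatory", "strict"}

def parse_connection_string(cs):
    """Split 'key=value;...' into a dict with lower-cased keys.
    Assumption: values contain no quoted semicolons."""
    pairs = {}
    for part in cs.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs

def audit_connection_string(cs):
    """Return findings (hypothetical names) for one connection string."""
    kv = parse_connection_string(cs)
    integrated = any(kv.get(k, "").lower() in INTEGRATED_ON
                     for k in ("integrated security", "trusted_connection"))
    has_password = "password" in kv or "pwd" in kv
    findings = []
    if has_password and not integrated:
        # SQL login: the application stores the secret and sends it at login.
        findings.append("sql-login-credentials")
    if kv.get("encrypt", "").lower() not in ENCRYPT_ON:
        # Query text and result sets are readable by a sniffer on the path.
        findings.append("channel-not-encrypted")
    return findings

def audit_config(xml_text):
    """Map each connection string name in the config to its findings."""
    root = ET.fromstring(xml_text)
    return {add.get("name"): audit_connection_string(add.get("connectionString"))
            for add in root.iter("add") if add.get("connectionString") is not None}

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "->", ", ".join(findings) or "ok")
```

An entry with no findings uses Windows authentication over an encrypted connection; an entry with `channel-not-encrypted` may still be protected at the network layer by IPSec, which this check cannot see.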